(54) SYSTEM FOR ESTABLISHING AN AUDIT TRAIL TO PROVIDE SECURITY FOR OBJECTS
DISTRIBUTED VIA A NETWORK 

(57) Abstract 

A log file setup system and method are provided for use in generating an audit trail. A security server (18) maintains
a log file of action conducted by the requester (10) and the security server in relation to the secured object (16). The 
object control, instantiated with the object (16) at the requester device (10), transmits an encrypted descriptor of the 
action to the security server (18), and if there is no safe connection to the security server (18), the requester device 
(10) is prevented from engaging in any action (viewing, editing, printing, etc.) whatsoever. The security server (18), 
in addition to recording the descriptor of the action conducted by the security server (18) in relation to the security 
of the object (16), also records information received from the requester device (10) in the log file, along with other 
data. 

Representative Drawing 
Figure 1 



Technical field 

The present invention relates to the establishment of an audit trail for the security of an 
object, such as a code, document, or image, distributed via a network. 

Prior art 

Contractors and the partners and clients of growing businesses generally use the Internet 
in order to seek out information, exchange code, documents, images, etc., in the course of 
business. With the increasing amount of business taking place over the Internet, interest has 
grown in protecting information exchanged or stored over the Internet from hackers, and hackers 
have been able to gain unauthorized access to such information, and have used it for their own 
financial advantage or have harmed information or systems in which such information is stored. 
In view of the enormous quantity of business transacted over the Internet, and the enormous 
value of this business, the safety of the objects stored and exchanged (including code, documents, 
images and anything represented in a digital format), and of the intellectual property contained in 
these objects, is paramount. In other words, it must not be possible for an individual or company 
to gain unauthorized access to said objects or to the intellectual property contained with them, it 
must not be possible to print them without permission, and must not be possible to edit without 
permission having been provided by the owner. 
The security technology for objects and object exchange contains many components. One
of these, the certificate, is a process of confirming the identity of the information requester or 
sender. Said certificate generally is formed by the use of a password. The drawback of this 
method is that the password can be lost, revealed, or stolen. 

In stricter authentication processes, a digital certificate is used that is provided by an 
authentication agency. A digital certificate includes the owner's name, serial number, expiration 
date, and digital signature of the issuing agency (confirmation of sender and message data using 
public-key encryption, and data added to the certified message). Said certificate also includes the 
public key of the certificate owner. In the public-key encryption widely used in authentication, 
an individual has a private key and a public key generated by the certifying agency at the same 
time using an algorithm such as RSA. Said public key is published in one or more directories that 
include the certificate, while said private key is kept secret. The message is encrypted using the 
recipient's public key, and this is captured by the sender in the directory, and decrypted by the 
recipient's private key. The sender can encrypt a message with the sender's private key for 
message authentication; the recipient can verify the sender's identity by decoding the signature 
with the sender's public key. 

Authentication is determined by whether the user has privileges (view, modify, etc.) with 
respect to the resource. For example, the system administrator can decide whether the user may 
access the system, and can decide what rights each user will have within the system, such as 
access to certain files, storage capacity, etc. Ordinarily, rights assignment takes place after 
authentication. Thus, if the user requests access to an object, the system confirms or certifies the 
user's identity first, then determines whether the user has access rights to the object, and how the 
user will use said object. 

For object security, encryption may also be used. The plain text of the message is 
converted to ciphertext by encryption. In order to translate the encrypted object, the recipient 
must obtain an exact decryption key (for example, refer to the description of the above-described 
basic public-key architecture and public-key encryption). Generally, the cipher used in
encrypting an object can be broken, but the more complex the encryption, the more difficult it is 
to break the cipher without the decryption key. A strong encryption system has a sufficiently 
wide range of possible keys to make the encryption unbreakable by trying all possible keys. In 
addition, a strong encryption system is not affected by known methods of code hacking, and will 
appear random to all standard statistical tests. 

Other types of security methods can be used at computer locations in order to secure the 
total computer system. For example, many companies install firewalls to prevent access by 
unauthorized users to the company's data or programs. However, firewalls can be damaged, and 
do not guarantee the safety of the computer system against invasion. Another problem is that a
firewall does not prevent systems or system resources from being damaged by an unauthorized
user located behind the firewall. 

Message transmission can be made secret. Ordinarily, Transport Layer Security (TLS) 
and Secure Sockets Layer (SSL) protocols are used to provide encrypted communication 
between server and client. These two protocols are integrated into the majority of web browsers 
and servers. 

By implementing accountability, i.e., by tracking user actions that are either related to an 
object (such as an object request) or actually performed on an object (viewing, editing, printing, 
etc.), audit trails also provide security. Audit trails must be safe against unauthorized 
modification, for example it cannot be allowed for an unauthorized user to remove the evidence 
of his or her own action from an audit log. Because the auditing of requests and actions generates 
a large quantity of information, the system that generates the audit log must have the capability 
to store and efficiently process said information. 

The above-described security apparatus can be used separately, but it is more common
for several types to be used together. In addition to such ordinary apparatus, other security 
methods also exist in the prior art. 

InterTrust Technologies Corporation has acquired numerous patents related to digital 
rights management. By means of InterTrust's Digibox container technology, information 
(including content and rules related to access to the content) is encrypted and can be stored in a
Digibox container, which is essentially a software container. Said encryption key and container 
are transmitted from node to node in the virtual distribution environment (VDE). Said virtual 
distribution environment includes dedicated hardware or software, or a combination of these. 
Only a device integrated with the VDE that runs the appropriate InterTrust software can view the 
information within said container. An audit trail is generated and stored within said VDE, and 
can be shown. 

An invention is needed that will secure objects (including code, documents, images, and 
software programs; basically, anything that can be represented in digital form) that are available 
on the Internet without authorized requesters running specific software on their computers in 
order to access secured information; a secure audit trail is also needed, in order to ensure 
accountability and non-refutability.

It is preferable that security duties, including storage of audit trails, be assigned to a third 
party, in order to reduce the processing and hardware load (including sufficient memory for 
storing enormous audit trails) of providing safety for the object servers. Finally, it is preferable 
that in order to demonstrate the integrity and non-refutability of the audit trail and provide
wide-ranging security, information such as a description of the object secured by the audit trail, and
the security policy of the requested object, nonce of the requested object, serialization of the
requested object, rights assignment, authentication and request. 

An invention is needed that will secure objects (including code, documents, images, and 
software programs; basically, anything that can be represented in digital form) that are available 
on the Internet without authorized requesters running specific software on their computers in 
order to access secured information. For example, due to their limited budgets, even if students 
have their own computers, they can of course scarcely be expected to purchase software enabling 
the download of information like lecture notes and schedules (schools gradually are allowing the 
use of such information by authorized users). Additional preferable features of a digital rights 
management system include passing most security "duties" to a third party in order to reduce the 
object server's processing load from providing safety and providing single-use encryption keys 
that are safely transmitted between the requester and the "security server" instead of transmitting 
the encryption keys together with the encrypted data. Even after the object has been sent to the 
requester, it is preferable that the digital contents rights management system continue to provide 
security for the object. 

Detailed explanation 

The present invention provides a method and system for securing an object (anything 
represented in digital form, including code, documents, images, and software programs) 
distributed via a network. "Security" is the restriction of certain recipients from engaging in 
certain actions (such as viewing, printing, editing, copying) with respect to an object. 

An object server that includes all secured objects and unsecured objects is furnished with 
software that regulates whether an object must be secured and what the security policy is (the 
type and level of security the object receives). Said security policy includes not only action 
policies related to actions such as whether the object can be printed or whether it can be edited, 
but also restrictions on the people who can view the object, the lifespan of the object, and the 
number of times the object can be shown. Object controls are the mechanisms that implement the 
security policy. 

When the object server receives a request for an object, the software checks whether said 
requested object is secured. If the object has not been secured, the server sends said object to the 
requester. If the object has been secured, the software generates a new object including the 
serialization of the requested object, the security policy and description, as well as the time and 
certificate of the original request. Said new object is sent as a response to the requesting browser, 
along with a redirection command that causes the requesting browser to designate a "security
server." 
The security server, furnished with software that provides the security service, first
receives and certifies the redirected request, and then acquires said requested object from its own 
unique cache or a server that includes the object, via secure transmission. Next, the security 
server encrypts said requested object using strong and non-malleable encryption, and combines it 
with mobile code (software that is, without explicit installation or execution by the recipient, sent 
from a remote system, transferred via a network, and downloaded and executed on the local 
system), the security policy, and object controls. The resulting package is returned to the 
requesting computer as a response to said redirected request. 

Said requesting computer then attempts to run said mobile code in order to provide the 
requested object. Said mobile code runs a test in order to verify the instantiation of the object 
controls, and if these controls have been properly instantiated, when the request authentication 
has been satisfied, the requester requests the decryption key, which is sent to the requester by 
secure transmission. Said decryption key is a single-use key used only to decrypt this specific 
object. If said mobile code is executed successfully and the decryption key is acquired, said 
requested object is restricted by the security policy and object control. 

A descriptor of the action of the requestor in relation to the object, and specific action 
related to the security server, is recorded in the log file, which can be used in inspection by 
authorized individuals such as the content owner or system administrator of the security server. 
Using said log file, an audit trail can be drawn up that describes specific actions carried out by 
the requester, what type of security policy was appropriate for each object, whether the object 
was transmitted, who requested which object, as well as acquired information, such as the 
number of times the object was accessed and the time the object was accessed. 

Said security server is used to execute the majority of actions related to securing and 
transmitting requested objects. Accordingly, the object server is dedicated to the processing of 
requests for information, rather than expending processing resources on security issues. In 
addition, because the system administrator of the server deals with all time settings and 
administration of the object server, resulting savings are realized by the owner of the object 
server. 

The method and system of the present invention differ from other object security methods 
and systems in that there is no need to install shared software on all computers involved in 
requesting objects and providing the requested objects. 

In addition, the key used in encrypting and decrypting the object is a single-use key, and 
is not transmitted along with the encrypted object. 
Brief description of the drawings

Figure 1 is a block diagram of the configuration elements of the object security system of 
the present invention.

Figure 2a is a flowchart depicting the method of the present invention by which an object 
is secured. 

Figure 2b is a flowchart depicting the method of the present invention by which an object 
is secured. 

Figure 3a is a flowchart depicting the method of the present invention by which a log file 
is generated of the requester's actions with respect to a secured object. 

Figure 3b is a flowchart depicting the method of the present invention by which a log file 
of object server action is generated. 

Embodiments 

Referring to Figure 1, connected to a network (in this embodiment, the Internet (20)), 
there are: a requester device (10) (a computer in this embodiment, but including any device that 
can act as a client in a client/server relationship); an object server (12) that contains an object 
(16) and security software (14) that indicates objects that must be secured; and a security server 
(18) that contains software (94) for providing security services. Objects (16) include code, 
documents, images, software programs, and anything else that can be represented in digital form.
An attacker (22) is also present, corresponding to a person or device such as a computer or 
recorder that is used in order to gain unauthorized access to the secured object. Although one 
requester device (10), object server (12), and security server (18) are described here, it is possible 
for the method and system of the present invention to accommodate a plurality of requester 
devices (10), object servers (12), and security servers (18). 

In the present embodiment, said object server (12) and security server (18) are Hypertext 
Transfer Protocol (HTTP) servers. Said requester device (10) must run a software program that 
operates as a World Wide Web browser (24). The request concerning the object (16) from the
requester device (10) is relayed to the object server (12) by the browser (24) via an HTTP 
request. Likewise, the response to the request also follows the HTTP protocol. 

As described above, the object server (12) runs the security software (14), and in the 
present embodiment the security software (140) [sic; (14)] is an extension of the HTTP server 
software. An authorized system administrator uses said security software (14) to designate which 
objects (16) have not been secured and which will be secured. If an object (16) is designated as 
having been secured, said security software (14) induces the administrator to designate the type 
and level (for example, the security policy) of security with respect to the object (16). Said 
security policy includes restrictions on the number of times the object may be viewed (cardinal 
restrictions), object lifetime (temporal restrictions), and persons who can view the object, as well
as action policies related to whether the object can be printed, edited, etc. The actions that the 
requester can perform on the object differ depending on the requester's identity. The object 
controls are the mechanisms that implement the security policy. 

The security server (18) also runs the software (94) that is an extension of the HTTP 
server software. This software (94) provides security services for the object. 

In Figure 2a, a requester requests an object (step 26). The object server that stores said 
requested object receives said request (step 28). If said object server has an independent 
authentication policy, the object server will carry out that policy, and will certify the request 
upon receiving it. Said security software inspects the HTTP request and determines (step 30) 
whether that request relates to a secured object. If the requested object has not been secured, the 
requested object is sent to the requester (step 32). 

However, if the object is secured (step 30), said security software generates a secured 
request included in the response to the request of said security software (step 34) which is then 
re-sent to the security server. Said secured request is an object that includes the original request 
time and encryption data including authentication, in addition to the description, security policy, 
nonce, and serialization (verifying that only one approved version of the object can be used) of 
the requested object. Information related to authentication is governed by whether the object 
server has an independent authentication policy. If there is an authentication policy, said secured 
request will include the results of authentication. If there is not an authentication policy, the 
information will include said secured request. 

Diverse services are provided by encryption. Said authentication can not only support 
authentication and the assignment of rights to a request, but can also protect the integrity of a file 
(for example, preventing unauthorized modification). Here it is possible also to protect the 
requester's individual privacy by using encryption. Another function of encryption is the 
prevention of repudiation (non-repudiation) and the detection of changes. A protocol is used that 
supports strong and non-malleable encryption. The protocol determines the type of encryption 
used, and whether exchange between the requester and server is necessary prior to encryption 
taking place (for example, it is often necessary to exchange the key so that the recipient can 
decrypt an object encrypted by the server). 

Said enhanced request is included in the response to the requester, along with the 
command to re-send the request to the security server. Said re-sending must be transparent to the 
requester. 

Said security server software decrypts said enhanced request (step 38). A shared key for
encrypting and decrypting said enhanced request exists at both the object server and the security 
server. This key is generated when said software is installed on the object server. 
Next, said security server software checks whether said enhanced request satisfies the
requirements for a well-formed request (step 40). If the requirements for a well-formed request 
are not satisfied, the security server returns a message to the object server indicating an invalid 
request (step 42). Said object server sends a message concerning the invalid request to the 
requester. The system manager for said object server determines whether to send said message. 

If said request is valid, the security server software authenticates said request (step 44). 

The security server software compares the time and certificate in the re-sent request 
heading to those included in the enhanced request. If said security server software cannot 
authenticate the request (for example, a replay attack is indicated because the two request times 
are different from one another, or the requester identity in the re-sent request differs from the
requester identity in the enhanced request), a message is returned to the object server indicating
that authentication was not satisfied (step 46). If the request is authenticated, the security server
software decrypts said request, and the requested object is acquired from the security server
cache or from the object server (step 48). If there is a request, said security software transmits 
said object to the security server. If the security server must acquire the object from the object 
server, the object is sent via secure transmission. 
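
The checks of steps 38 to 46 can be sketched as follows. This is an added Python example, not code from the patent: the field names, JSON layout and function names are assumptions, and an HMAC-SHA256 tag under the shared key stands in for the shared-key encryption the text describes, so the sketch gives integrity but not confidentiality.

```python
import hashlib
import hmac
import json

# Fields the text lists for the enhanced request (key names are assumptions).
REQUIRED = {"time", "requester", "description", "policy", "nonce", "serial"}


def _tag(shared_key: bytes, body: str) -> str:
    """MAC over the serialized request, keyed with the installation-time shared key."""
    return hmac.new(shared_key, body.encode(), hashlib.sha256).hexdigest()


def make_enhanced_request(shared_key: bytes, fields: dict) -> str:
    """Object server, step 34: serialize the request and bind it to the shared key."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return body + "." + _tag(shared_key, body)


def check_redirected_request(shared_key: bytes, header: dict, token: str):
    """Security server, steps 38-46. Returns (step number reached, message)."""
    body, sep, tag = token.rpartition(".")
    # Step 38 stand-in: anything not produced under the shared key is rejected.
    expected = _tag(shared_key, body)
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        return 42, "invalid request"
    # Step 40: the request must be well formed and carry every listed field.
    try:
        fields = json.loads(body)
    except ValueError:
        return 42, "invalid request"
    if not isinstance(fields, dict) or not REQUIRED <= fields.keys():
        return 42, "invalid request"
    # Step 44: the time and identity in the re-sent request header must match
    # those sealed into the enhanced request; a mismatch indicates a replay
    # or a different requester.
    if header.get("time") != fields["time"]:
        return 46, "authentication not satisfied: request times differ"
    if header.get("requester") != fields["requester"]:
        return 46, "authentication not satisfied: requester identity differs"
    return 48, "authenticated"


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    key = b"\x01" * 32
    sealed = make_enhanced_request(key, {
        "time": "2001-05-01T10:00:00Z", "requester": "alice",
        "description": "report.pdf", "policy": {"print": False, "views": 3},
        "nonce": "n-0001", "serial": 7,
    })
    good = {"time": "2001-05-01T10:00:00Z", "requester": "alice"}
    late = {"time": "2001-05-01T11:30:00Z", "requester": "alice"}
    print(check_redirected_request(key, good, sealed))
    print(check_redirected_request(key, late, sealed))
```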

When the security server has acquired the requested object, the security server software 
encrypts said object using strong encryption and non-malleable encryption and combines the 
object with mobile code (software sent from a remote system without explicit installation or 
execution by the recipient, transmitted via a network, and downloaded and executed on the local 
system), a security policy having authentication, included in the enhanced request, and object 
controls (step 50). The encryption of the secured request object acts to protect the object and the 
requester and provider of the object by ensuring the integrity, personal information, and 
authentication (if appropriate), as well as being a change-prevention and repudiation-prevention 
tool (so that a party to a transaction is unable to improperly deny a relationship to that 
transaction). Next, the result package is sent to the requester (step 52; see step B in Figure 2b). 

In Figure 2b, the requester receives the response and attempts to execute said mobile 
code (step 54). If said mobile code is executed, the security policy and object controls for the 
requested object are instantiated on the requester's computer (step 54). Said mobile code executes 
a test to determine whether the object controls have been accurately instantiated. If they have 
been accurately instantiated, if the requester needs a decryption key (step 56), the requester 
requests the decryption key from the security server (step 58). The security server software 
authenticates said request (step 60). If it is not possible for said security server software to 
authenticate that request, a message concerning that result is sent to the object server (step 62). 
However, if the message is authenticated, said security server software returns the requested key 
to the requester by secure transmission (step 64), and the requested object is decrypted (step 66). 
The key used by the security server in encrypting and decrypting the object is a single-use key.
Said single-use key is provided either by a "seed" for randomly generating the key, determined at 
the time of installation of the security server software, or by another well-known means, most 
typically by certificate. 

If said mobile code is executed, the requester can view the object under the restrictions 
imposed on the object by the object controls or security policy (step 68). 

As shown in Figure 3a, the log file for action carried out on the object by the requester is 
maintained in order to establish an audit trail. Said log file can be used for inspection by the 
system administrator of the security server. Using said log file, an audit trail is created that 
describes what sort of security policy is appropriate for each object, whether the object has been 
sent, and who requested which object. 

If the requester attempts an action related to the object (viewing, printing, editing the 
object, etc.), the object controls will determine whether a network connection has been 
established (step 82). If there is an open connection, an encrypted descriptor of the action is sent 
to the security server, which records said descriptor together with some of the other data in a log 
file (step 88). The other data recorded in the log file includes "local data," namely server-side 
data including the server's local time zone, identity, and time, and the requester's network IP 
address. Said information is sent to the security server and if a verification is sent to the requester 
(step 94), the action with respect to the object is permitted (step 90). For example, as described 
above, the requester can view the requested object only if the mobile code is successfully 
instantiated and the decryption key has been received from the security server. First, if the object 
is displayed on the requester's computer, a descriptor of said event, namely viewing of the object, 
is sent to the security server. If no verification is sent to the requester, the requester's request to 
perform an action on the object is rejected (step 92). 

If no secure connection to the security server has been established, the object controls 
will attempt to establish such a connection to the security server (step 84). If said connection is 
established (step 86), an encrypted descriptor of the action is sent to the security server, and said 
security server records said descriptor and other above-described data in the log file (step 88). 
The action is then permitted on the object (step 90). However, if a connection cannot be 
established (step 86), the requester's request to perform the action on the object is rejected (step 
92). 

As shown in Figure 3b, the security server stores the descriptors of actions conducted 
with respect to the encrypted object in the log file. These actions include the response to the 
object request, the transmission of the object to the requester, the receipt of the request for the 
decryption key and the transmission of the decryption key to the requester. When the security 
server carries out an action (step 74), the system software determines whether the action is 
related to the transmission of a secured object or is related to a request for a decryption key (step
76). If said action is not related to the transmission of the secured object or the request for an 
encryption key, nothing at all is recorded in the log file (step 80). However, if said action is 
related to the secured object or to the encryption key, the descriptor of the action is recorded in 
the log file along with the time, local data and requester network IP address (step 78). For 
example, if the security server receives an enhanced request for a secured object, said security
server will store the enhanced request in said log file, and along with it will be stored at least the 
time, local data and requester network IP address. When the security server has transmitted a 
package including the object combined with the mobile code, the record of this action is recorded 
in said log file. 

In another embodiment, the requester can take actions with respect to the object but is 
"untethered" (that is, not connected to the security server). If untethered action is permitted by 
the security policy, the requester's action is recorded on the requester device, and the requester 
sends it to the security server when a connection to the security server has been established. A 
control is configured so that if a connection to the network is not established within a set 
timeframe, access to the object is restricted. 
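
The logging gate of Figures 3a and 3b and the untethered embodiment can be modelled as below. This is an added Python example, not code from the patent: the class, field and action-kind names are assumptions, the network is simulated by a `reachable` flag, and encryption of the descriptor in transit is assumed and left out.

```python
from dataclasses import dataclass, field

# Figure 3b, step 76: only these server actions are logged (kind names assumed).
SERVER_LOGGED = {"enhanced_request_received", "package_sent",
                 "key_requested", "key_sent"}


@dataclass
class SecurityServer:
    identity: str = "security-server"
    timezone: str = "UTC"
    reachable: bool = True          # simulates whether a connection can be made
    log: list = field(default_factory=list)

    def _append(self, descriptor: dict, requester_ip: str, now: float) -> None:
        # Each entry carries the time, the server's local data and the requester IP.
        self.log.append({"logged_at": now, "server": self.identity,
                         "tz": self.timezone, "ip": requester_ip, **descriptor})

    def record(self, descriptor: dict, requester_ip: str, now: float) -> bool:
        """Figure 3a, step 88: log a requester action, return the verification."""
        self._append(descriptor, requester_ip, now)
        return True

    def own_action(self, kind: str, requester_ip: str, now: float) -> bool:
        """Figure 3b: log the server's own action only if step 76 selects it."""
        if kind not in SERVER_LOGGED:
            return False            # step 80: nothing recorded
        self._append({"action": kind}, requester_ip, now)
        return True                 # step 78


@dataclass
class ObjectControl:
    server: SecurityServer
    requester_ip: str
    last_contact: float             # time of the last exchange with the server
    untethered_ok: bool = False     # does the security policy allow offline use?
    max_offline: float = 3600.0     # the "set timeframe", in seconds (assumed value)
    pending: list = field(default_factory=list)

    def attempt(self, action: str, obj_id: str, now: float) -> bool:
        """Return True if the action on the object is permitted (step 90)."""
        descriptor = {"object": obj_id, "action": action, "at": now}
        if not self.server.reachable:               # steps 82, 84, 86 all failed
            within = now - self.last_contact <= self.max_offline
            if self.untethered_ok and within:
                self.pending.append(descriptor)     # kept on the requester device
                return True
            return False                            # step 92: fail closed
        # Connected: deliver anything recorded while untethered, oldest first.
        for old in self.pending:
            self.server.record(old, self.requester_ip, now)
        self.pending.clear()
        verified = self.server.record(descriptor, self.requester_ip, now)
        self.last_contact = now
        return bool(verified)                       # step 94, then step 90 or 92


if __name__ == "__main__":
    # Constructed scenario; 198.51.100.7 is a documentation address.
    srv = SecurityServer()
    ctl = ObjectControl(srv, "198.51.100.7", last_contact=0.0,
                        untethered_ok=True, max_offline=100.0)
    print(ctl.attempt("view", "doc-1", now=10.0))    # logged, permitted
    srv.reachable = False
    print(ctl.attempt("edit", "doc-1", now=50.0))    # queued, permitted
    print(ctl.attempt("print", "doc-1", now=500.0))  # offline too long, refused
    srv.reachable = True
    print(ctl.attempt("view", "doc-1", now=600.0), len(srv.log))
```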

In yet another embodiment, the descriptors of the security server actions can be encrypted 
prior to being recorded in the log file. This embodiment can be used when persons other than the 
system administrator are permitted access to said log file. 

Claims 

1. A security system that secures an object by providing a log file for requested action
and action conducted on the object, which is distributed over a communications network, 
wherein said security system comprises: 

a) an object server connected to the network that runs software programs that specify a 
security policy for objects that have been or will be secured; 

b) a requester device that requests the object from said object server, and is connected to 
the network; 

c) a security server that runs other software programs that provide security services to 
objects specified as having been secured by said software program, wherein the software 
providing said security service comprises: 

i) a receiving means wherein redirected and enhanced requests for a requested object 
from the requester device are received, and further wherein said enhanced requests correspond to 
the initial request of said requester device, and are generated by said object server, and further 
wherein redirected and enhanced requests with respect to a requested object are received,
including encrypted data related to the time and certificate of the original request, as well as the
requested object's description, security policy, nonce, and serialization; 

ii) a means for acquiring said requested security object from an object server or cache 
wherein said requested security object is stored; 

iii) a means for encrypting said requested security object; 

iv) a means for combining said requested security object with a movement code, security 
policy and object control; 

v) a transmission means for the result file, which transmits the result file to the requester 
device, wherein the object requested must be provided to said requester device by said requester 
device executing said movement code, and which depends on the security policy and object 
control located on the requester device when executing said movement code, in order for said 
requester to use and view the object; 

vi) a means for confirming whether said object control is appropriately instantiated;

vii) a means for providing the decryption key to the requester based on whether said key 
request is satisfactorily certified; 

viii) a means for storage in the security server, wherein information on an event is 
recorded in the log file, and such events are part of the group comprising: 

A) requests for action with respect to a request-security object, initiated by the requester
device;

B) action performed on said request-security object by the requester device; 

C) action related to the security of the request-security object by said security server. 

2. The security system cited in Claim 1, wherein said log file is used to generate an audit 
trail. 

3. The security system cited in Claim 1, wherein said recorded information is the start of 
the event. 

4. The security system cited in Claim 1, wherein said recorded information is local data. 

5. The security system cited in Claim 1, wherein said recorded information is the network 
IP address of the requester device that initiated the event. 

6. The security system cited in Claim 1, wherein the information recorded in said log file 
includes a descriptor of the event. 

7. The security system cited in Claim 1, wherein the information recorded in said log file 
includes the request transmitted to the security server. 

8. The security system cited in Claim 1, wherein the information transmitted by said 
requester device to said security server is encrypted by protocol. 

9. The security system cited in Claim 8, wherein the protocol including encryption of 
information provides strong encryption. 
10. The security system cited in Claim 8, wherein the protocol including encryption of 
information provides non-malleable encryption. 

11. The security system cited in Claim 1, further comprising a means for setting up a 
connection between the recipient device and security server in order to record information about 
the requester-device-initiated request for action, wherein said connection is set up if there is no 
currently existing connection between said requester device and said security server. 

12. The security system cited in Claim 11, further comprising a means for refusing the 
requested action with respect to a secured object if it is not possible to set up a connection 
between said requester device and said security server. 

13. The security system cited in Claim 1, further comprising a means whereby if a 
connection has been set up between said requester device and said security server, the action 
with respect to the requested security object is recorded by the untethered requester device in a 
file on the requester device, and said file is transmitted to the security server. 
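
The logging behaviour of claims 11 to 13, with the three event classes of claim 1(viii), modelled as an added example that is not code from the patent. The class names, the `reachable` flag and the JSON event layout are assumptions, and an HMAC-SHA256 tag stands in for the encrypted protocol of claims 8 to 10: it shows rejection of an altered descriptor only, not confidentiality.

```python
import hashlib
import hmac
import json
import time


class SecurityServer:
    """Keeps the log file. `reachable` models whether a connection can be set up."""

    def __init__(self, key: bytes):
        self.key = key
        self.reachable = True
        self.log = []  # one dict per recorded event

    def record(self, blob: bytes, tag: bytes, ip: str) -> bool:
        expected = hmac.new(self.key, blob, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            # Event class C: an action by the server related to object security.
            self.log.append({"kind": "C", "descriptor": "rejected altered descriptor",
                             "ip": ip, "received": time.time()})
            return False
        event = json.loads(blob)
        event.update(ip=ip, received=time.time())  # claim 5: requester IP address
        self.log.append(event)
        return True


class ObjectControl:
    """Runs on the requester device and gates every action on logging."""

    def __init__(self, server, key, ip, untethered=False):
        self.server, self.key, self.ip = server, key, ip
        self.untethered = untethered
        self.local_file = []  # claim 13: record kept on the requester device

    def _seal(self, kind: str, descriptor: str):
        # "start" is an assumed field carrying the start time of the event (claim 3).
        blob = json.dumps({"kind": kind, "descriptor": descriptor,
                           "start": time.time()}, sort_keys=True).encode()
        return blob, hmac.new(self.key, blob, hashlib.sha256).digest()

    def flush(self) -> int:
        """Transmit the locally recorded file once the server is reachable."""
        sent = 0
        while self.local_file and self.server.reachable:
            self.server.record(*self.local_file.pop(0), self.ip)
            sent += 1
        return sent

    def perform(self, action: str, object_id: str) -> bool:
        # Class A: the request for action; class B: the action itself.
        events = [self._seal("A", f"request {action} {object_id}"),
                  self._seal("B", f"performed {action} {object_id}")]
        if self.server.reachable:
            self.flush()
            return all(self.server.record(b, t, self.ip) for b, t in events)
        if self.untethered:
            self.local_file.extend(events)
            return True
        return False  # claim 12: no connection, so the action is refused
```
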
authentication 

48 Security server decrypts enhanced request and acquires requested object from 
object server or cache 

50 Requested object is encrypted and combined with mobile code policy including 
authentication by enhanced code, and document controls 

52 Package sent to requester 



Figure 2b 



Key: a Yes 
b No 

54 Requester executes mobile code and puts document controls in position 
58 Requester requests encryption key from security server 
62 Security server returns message indicating unsatisfactory authentication to object 
66 Requested object is decrypted 